Privacy Statement
1. Privacy Policy
t’order (“Company”) collects, uses and provides personal data based on users’ consent and actively guarantee their rights (the right to personal data self-determination). The Company complies with the relevant laws, regulations, and guidelines of the Republic of Korea to be complied with by the providers of information and communication services. The term “privacy policy” means the guidelines that the Company must adhere to so that users can safely use the services by protecting their valuable personal data. This Privacy Policy applies to the t’order's services ("t’order " or "Service").
2. Collection of Personal Data
Minimum collection of personal data needed for the provision of services
During signing up or the process of using the services, the website, applications or programs collect the following minimum necessary personal data for service provision:
[t’order account]
- Required: Email address, mobile phone number, password, name
[Customer support]
- Required: Phone number, t’order account (email/mobile phone number)
Certain services may collect additional personal information with the user's consent, beyond the information collected from the t’order account, in order to provide various specialized functions.
- Required information: Information required to perform the essential functions of the service
- Optional information: Additional information collected to provide more specialized services (Even if users' optional information is not provided, service usage is not restricted.)
Methods of collection of personal data
When collecting personal data, the Company always informs users in advance and obtains their consent. Personal data is collected through the following methods:
- When users consent to the collection of personal data and enter information in person during the signing up and service usage processes.
- When personal data is received from affiliated services or organizations, etc.
- Through the consultation process with the customer support center via web pages, email, fax, phone, etc.
- Participation in events/campaigns held both online and offline
When collecting personal data of a child under the age of fourteen (14), the Company obtains the consent of their legal guardian and collects only the necessary minimum personal data.
To secure the legal guardian's consent, minimal information, such as the legal guardian's name and contact details, might be solicited from the child through the following methods:
- Verifying the legal guardian's identity via their mobile phone authentication
- Providing the legal guardian with a written consent form and obtaining their signature for submission
- Utilizing other equivalent means to the above to communicate the specifics of the consent to the legal guardian and ascertain their intention to provide consent
Personal data collected from users while they use the Service:
Information such as device information (OS, screen size, device ID), IP address, cookies, time and date of visit, records of improper usage, and service usage records may be automatically generated and collected while the users use the website, mobile website or application.
3. Use of Personal Data
Use of personal data to manage membership, provide and improve services, and to develop new services
During signing up or the process of using the services, the website, applications or programs collect the following minimum necessary personal data for service provision:
- Member identification, confirmation of the user’s will to sign up, user/age verification, prevention of improper usage
- Confirmation of consent of a legal guardian in case of collecting personal data of children under fourteen (14) years of age, verification of identity of the legal guardian when exercising their rights
- Analysis and service provision based on demographic characteristics
- Development of new services, provision of various services, handling inquiries or complaints, and delivering announcements
- Prevention of and sanction on any act that interrupts normal service operation of the service (including account theft and improper usage)
- Confirmation of participation in events/campaigns, utilization for marketing and advertising
- Voice command processing and voice recognition enhancing, provision of personalized services
- Utilization for statistics pertaining to service usage records, frequency of access, and service utilization; building a privacy protection-oriented service environment, tailored service provision, and service improvement
Additional use/provision of personal data
The personal data may be used or provided to a third party, without consent from the user and in accordance with related laws, to the extent that the information is collected and used for reasons reasonably related to the purpose of collection. In such cases, the Company comprehensively considers whether it is relevant to the original purpose of collection, whether further use or provision of personal data is expected given the circumstances of collection or processing practices, whether it unduly infringes on the user's interests, and whether security measures such as pseudonymization or encryption have been taken.
t’order can pseudonymize the collected personal data in order to secure anonymity of the individuals. This pseudonymized information can then be processed for statistics, scientific research and public records. In such cases, pseudonymized information is saved and managed separately from the additional information, and necessary technical and operational measures are applied to prevent re-identification.
4. Provision of Personal Data
t’order does not provide personal data to any third party without the user’ consent or unless demanded by applicable laws.
Provision of personal data for service connections with third parties
t’order does not provide personal data to any external party without the user’s consent. However, within the necessary scope for users to use individual services provided by the Company or external partners, personal data is provided to third parties after obtaining the user's consent. Detailed information about the provision of personal data for each specific service can be found on the website for individual services or the Company's website.
t’order can provide necessary organizations with personal data without consent from the subject in the event of a disaster, communicable diseases, urgent incidents or accidents that can lead to death or physical endangerment, and/or emergency situations that can lead to immediate financial loss.
Entrustment of business for service provision:
The Company entrusts personal data to enable external entities to perform some of the essential tasks required for service provision. The Company manages and supervises to ensure that the entrusted entity complies with laws and regulations on personal information protection by limiting the entrusted entity's processing of personal information for purposes only related to the performance of entrusted tasks, applying technical and operational protective measures and restricting re-entrustment. The list of entrusted entities can be viewed on the Company's website.
5. Destruction of Personal Data
Procedure and method for the destruction of personal data upon achieving the purposes of collection and use
When personal data needs to be destroyed because the purpose of collecting or using personal information has been achieved or in the event of users’ withdrawal, the method of destruction is determined depending on the format of the personal data. Personal data stored in electronic file formats is securely deleted using technical means to prevent recovery and regeneration. Other types of records, prints, and documents are be destroyed through shredding or incineration.
However, information that needs to be destroyed after being stored for a certain period under the internal policies shall be as follows:
1) The following information is retained for up to one (1) year from the date of users’ withdrawal:
- t’order account and email addresses for sending withdrawal notification are encrypted and retained for the purpose of sending informative emails and handling customer service inquiries.
- Improper usage records
t’order stores or deletes the personal data of members who have not used the service for up to one (1) year in accordance with the requirement to destroy or segregate dormant user data. The separately stored personal information is retained for a period of four (4) years, after which it is promptly disposed of.
Other items of personal data that must be retained for a specific period in accordance with laws, their legal basis, and retention periods are as follows:
Items to be retained
Legal basis
Period of retention
Records related to withdrawal of contracts or subscriptions
Act on the Consumer Protection In Electronic Commerce, ETC.
5 years
Records regarding payment, supply of currency, etc.
5 years
Records of handling customer complaints or disputes
3 years
Records of display/advertising
6 months
Books and supporting documents related to all transactions as stipulated by tax laws
Framework Act on National Taxes
5 years
Records of electronic financial transactions
Electronic Financial Transactions Act
5 years
Records of service visits
Protection of Communications Secrets Act
3 months
6. Processing Personal Location Information
Processing of personal information in accordance with the Act on the Protection and Use of Location Information (“Location Information Act”)
Retention of personal location information under Article 4 of the t’order Location-based Service Terms and Conditions, the Company may retain personal location information.
- When the purpose of location-based service usage and provision is achieved, personal location information shall be promptly destroyed.
- In the case of services where location information is stored along with user-generated posting or content, personal location information will be retained during the content's storage period.
- If needed for the provision of other location-based services, personal location information may be retained for the minimum required period to achieve the purpose.
Once the purposes of collection and use of personal location information are achieved, it shall be promptly destroyed.
Once the information has been collected and used for its desired purpose, or the user has withdrawn from the service, the personal location information is safely deleted so that it cannot be restored or regenerated.
However, the information will be retained in cases of legitimate reasons such as legal requirements for retention pursuant to related laws.
Further, in accordance with Article 16(2) of the Location Information Act, evidence that confirms the use and provision of user's personal information shall be stored in the location information system for six (6) months.
Non-provision of personal location information to third parties without users’ prior consent
t’order shall not provide personal location information to third parties without the user's consent. In cases of providing to third parties, the user will be notified in advance of the recipient, and the purpose of provision, and may consent to the provision of such information.
When personal location information is provided to a third party with the user's consent, the recipient, date, and purpose of the provision will be immediately notified to the user every time the information is provided.
7. Miscellaneous
t’order protects your rights.
Users can access and modify their personal information at any time, and can request the withdrawal of consent to the collection, usage, and provision of personal information or withdrawal.
In case of requesting corrections to errors in personal information, the information will not be used or provided until the correction is completed.
Use of cookies for provision of PC-based services
Cookies are used to support a faster and more convenient use of websites and to provide customized services.
What are cookies?
Cookies are very small text files sent by the server operating a website to the user's browser and stored in the user's computer.
Purpose of use
The Company uses cookies which save and retrieve user information in order to provide personalized and customized services. When users visit a website, the website server loads the cookies stored in the user's device to maintain user settings and provide personalized services. Cookies help users connect to websites according to their settings and navigate them conveniently. Cookies are also utilized to offer optimized ads and personalized information based on the user's website visit history and usage patterns.
Rejection of cookies
Users have the option to block cookies Therefore, users can set their web browser options to either allow all cookies, prompt for confirmation when storing cookies, or reject the storage of all cookies. However, blocking all cookies may result in inconvenience in website usage and difficulties in using certain services that require login.
How to accept/block cookies
1) Internet Explorer:
Go to the top menu in the web browser > Internet Options > Privacy and Security> Settings.
2) Chrome:
Click on the settings menu on the right side of the web browser > Click Privacy and security > Third-party cookies.
Actions taken to protect personal data
We consider users’ personal data as the most valuable asset and make the following efforts in handling personal data:
- Encryption of users’ personal data
Users' personal data is transmitted through encrypted communication channels. Important information, including passwords, are encrypted when stored.
- Protection against hacking and computer viruses
To prevent leakage or damage of user's personal data due to hacking or computer viruses, we have installed systems in controlled areas to block external access. We monitor and block intrusion attempts by hackers, etc. 24/7 and also have installed antivirus programs to keep the systems free from the latest malicious codes and viruses. Further, we continuously research and apply new hacking/security technologies to our services.
- Minimizing personnel with access to personal data
We limit the number of employees involved in personal data processing to a minimum and block the use of external Internet services on work PCs to reduce the risk of personal data leakage. We have established systematic criteria for creating and changing passwords and access authorization for the database systems that store personal data and for the systems that handle personal data and are conducting ongoing audits.
- Regular training on personal data protection for all employees
We conduct regular education and campaigns on the obligations of personal data protection and security for all employees who handle personal data.
Privacy protection officer and responsible department
For all inquiries, complaints, advice, or other matters related to personal data protection that arise while using our services, please contact our privacy protection officer and the responsible department. t’order will listen to your voice and will do its best to provide a prompt and thorough response.
Privacy protection officer and responsible department
- Privacy protection officer: Kim Yong-un
- Responsible department: Legal Affairs Team
- Contact: Customer Service Center +82-1644-2448
If you require assistance due to a personal data breach, or need to report or consult on such matters, you can contact the following organizations:
- KISA Report Center for Personal Data Breach / +82-118 / https://privacy.kisa.or.kr
- Cyber Crime Investigation, Supreme Prosecutors' Office/ +82-1301 / cid@spo.go.kr
- National Police Agency Cyber Investigation Bureau/ +82-182/ https://ecrm.cyber.go.kr
Amendment of the Privacy Policy
The Privacy Policy may be modified to reflect changes in laws or services. In case of any amendment to the Privacy Policy, t’order will publish the changes on the Company's website, and the amended Privacy Policy will take effect seven (7) days after being published.
However, in the case of substantial changes to user rights such as changes in the items of personal data collected or the purposes of use, we will inform you with a minimum of thirty (30) days' notice.